torizon_audit 0.0.6 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/torizon_audit.rb +25 -20
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c50971c4656b798f91fc6c5425f9980f87e787dfee2c298c96621935b505923
|
|
4
|
+
data.tar.gz: dffd561304c72e55c5d0d77abc578fc27aeed8c387de97579c6dd186fd719032
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7081b8c8313196678c72f38c70963a4e8cce844ed0ec35c89b94714206556e927319cab3ca36f5007e6178c252c2aa1383dd6bc247f082b047969222d466f3c
|
|
7
|
+
data.tar.gz: 26cb791aef470cae8b5def32a70f25d5a235989fef4b721105b687c97c52ccfc2ccc619cc3980cd9a8f70cde5b6b593599bce39ce5652219954dc69a81403566
|
data/lib/torizon_audit.rb
CHANGED
|
@@ -24,7 +24,7 @@ class Query
|
|
|
24
24
|
|
|
25
25
|
def initialize(maxNumLogs = 10000)
|
|
26
26
|
@query = {
|
|
27
|
-
"from" => 0,
|
|
27
|
+
"from" => 0,
|
|
28
28
|
"size" => maxNumLogs,
|
|
29
29
|
"query" => {
|
|
30
30
|
"bool" => {
|
|
@@ -106,14 +106,15 @@ class Audit
|
|
|
106
106
|
end
|
|
107
107
|
|
|
108
108
|
def findAction(method, uri)
|
|
109
|
-
@@actionsMap.
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
109
|
+
_, m = @@actionsMap.find do |uriPattern, methodActions|
|
|
110
|
+
uri.match(uriPattern) && methodActions.key?(method)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
if m.nil?
|
|
114
|
+
"Unknown Action"
|
|
115
|
+
else
|
|
116
|
+
m[method]
|
|
117
|
+
end
|
|
117
118
|
end
|
|
118
119
|
|
|
119
120
|
def userActions(from, to, namespace, dropUnknownActions = true)
|
|
@@ -127,20 +128,24 @@ class Audit
|
|
|
127
128
|
actions = response["hits"]["hits"].map{ |obj|
|
|
128
129
|
src = obj["_source"]
|
|
129
130
|
{
|
|
130
|
-
"
|
|
131
|
-
"
|
|
132
|
-
"
|
|
133
|
-
"
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
131
|
+
"time" => DateTime.parse(src.key?("@timestamp") ? src["@timestamp"]: ""),
|
|
132
|
+
"host" => "app.torizon.io",
|
|
133
|
+
"source" => "torizon",
|
|
134
|
+
"event" => {
|
|
135
|
+
"path" => src.key?("uri") ? src["uri"]: "",
|
|
136
|
+
"method" => src.key?("request_method") ? src["request_method"] : "",
|
|
137
|
+
"namespace" => src.key?("namespace") ? src["namespace"]: "",
|
|
138
|
+
"origin_namespace" => src.key?("origin_namespace") ? src["origin_namespace"]: "",
|
|
139
|
+
"status_code" => src.key?("status") ? src["status"]: "",
|
|
140
|
+
"ip" => src.key?("client_addr") ? src["client_addr"]: "",
|
|
141
|
+
"query" => src.key?("query_string") ? src["query_string"]: "",
|
|
142
|
+
"log_id" => obj.key?("_id") ? obj["_id"]: "",
|
|
143
|
+
"action" => self.findAction(src.key?("request_method") ? src["request_method"] : "", src.key?("uri") ? src["uri"]: "")
|
|
144
|
+
}
|
|
140
145
|
}
|
|
141
146
|
}
|
|
142
147
|
if dropUnknownActions
|
|
143
|
-
return actions.select{|req| req["action"] != "Unknown Action"}
|
|
148
|
+
return actions.select{|req| req["event"]["action"] != "Unknown Action"}
|
|
144
149
|
end
|
|
145
150
|
return actions
|
|
146
151
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: torizon_audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Clouser
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-03-
|
|
11
|
+
date: 2023-03-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Fetch user actions from torizon platform
|
|
14
14
|
email: ben.clouser@toradex.com
|